» realnetworks download and record plugin for internet explorer rndlbrowserrecordplugi
Overview
Analysis
File Details

realnetworks download and record plugin for internet explorer rndlbrowserrecordplugi

Attaining Association

Oleh Aleksyuk

The file realnetworks download and record plugin for internet explorer rndlbrowserrecordplugi by Oleh Aleksyuk has been detected as adware by 18 anti-malware scanners.

File name:

Publisher:

That Other (signed by Oleh Aleksyuk)

Product:

Attaining Association

Description:

Southern By

Version:

4.8.6.1

MD5:

d189ed97284b2171f33e9f617d3ad89f

SHA-1:

8d92ea049afebf36caebd8e4ec7d26d1cbacd81c

SHA-256:

826a443b61a0153835406eb4c2f63a17dec69dc307cfb6078dc744083a6dbd4f

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

4/20/2024 12:31:35 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Mplug.AO

865

Avira AntiVirus

Adware/MultiPlug.bfp

7.11.173.208

AVG

Adware Generic5.BQSA

2014.0.4015

Bitdefender

Adware.Mplug.AO

1.0.20.1325

Emsisoft Anti-Malware

Adware.Mplug.AO

8.14.09.22.01

ESET NOD32

Win32/AdWare.MultiPlug.CN application

7.0.302.0

F-Secure

Adware.Mplug.AO

11.2014-22-09_2

G Data

Adware.Mplug.AO

14.9.24

K7 AntiVirus

Unwanted-Program

13.183.13451

Kaspersky

not-a-virus:AdWare.Win32.MultiPlug

15.0.0.494

Malwarebytes

PUP.Optional.Multiplug

v2014.09.22.01

McAfee

MultiPlug

5600.6999

MicroWorld eScan

Adware.Mplug.AO

15.0.0.795

NANO AntiVirus

Riskware.Win32.MultiPlug.dfhbhu

0.28.2.62286

nProtect

Adware.Mplug.AO

14.09.22.01

Reason Heuristics

PUP.OlehAleksyuk.AA

14.9.22.11

Sophos

MultiPlug

4.98

Vba32 AntiVirus

SScope.Adware.MultiPlug

3.12.26.3

File size:

858.9 KB (879,472 bytes)

Product version:

9.9.4.3

Original file name:

Realnetworks Download And Record Plugin .exe

Language:

English (United Kingdom)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\realnetworks%20download%20and%20record%20plugin%20for%20internet%20explorer%20rndlbrowserrecordplugin%20dll.exe

Digital Signature

Signed by:

Oleh Aleksyuk

Authority:

Unizeto Technologies S.A.

Valid from:

6/24/2014 4:42:54 PM

Valid to:

6/24/2015 4:42:54 PM

Subject:

E=oleh.aleksyuk@hotmail.com, CN=Oleh Aleksyuk, O=Oleh Aleksyuk, C=RU

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

3F42151CCAD6E8C610946EE44021DAF5

File PE Metadata

Compilation timestamp:

4/11/2012 7:07:18 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:oOhe8khklf9jeMSGgwh1ha5sE84owjmDCW00U:oOnkGlf9jeq3KUMaD7TU

Entry address:

0x18DF2

Entry point:

E8, 88, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 64, 42, 00, E8, E8, 0D, 00, 00, E8, 55, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 1B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D5, 06, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.8659 (probably packed)

Code size:

132 KB (135,168 bytes)

Remove realnetworks download and record plugin for internet explorer rndlbrowserrecordplugi - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.